From 0c4b9a898527dcaf9a3491ad1cb37a6c3a7b1b63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20=C5=BDlender?= <pub.git@zlender.si>
Date: Tue, 9 Feb 2021 21:08:22 +0100
Subject: [PATCH] Make opening ports in the firewall optional

---
 default.nix                | 6 ++++++
 mail-server/networking.nix | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/default.nix b/default.nix
index 1ca367c..b0b64cf 100644
--- a/default.nix
+++ b/default.nix
@@ -25,6 +25,12 @@ in
   options.mailserver = {
     enable = mkEnableOption "nixos-mailserver";
 
+    openFirewall = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Automatically open ports in the firewall.";
+    };
+
     fqdn = mkOption {
       type = types.str;
       example = "mx.example.com";
diff --git a/mail-server/networking.nix b/mail-server/networking.nix
index 8c8a500..e8a222e 100644
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@@ -20,7 +20,7 @@ let
   cfg = config.mailserver;
 in
 {
-  config = with cfg; lib.mkIf enable {
+  config = with cfg; lib.mkIf (enable && openFirewall) {
 
     networking.firewall = {
       allowedTCPPorts = [ 25 ]